The firm – which employs 800 people – was hit by a “sophisticated cyber-incident” last year which saw data relating to current and former employees copied from its systems and leaked online.
It has taken GRS months working with cybersecurity experts to identify exactly what information was stolen.
Letters now being sent out – one of which was shared with the Enquirer – detail the scale of the incident.
Personal information compromised includes bank account details, names, addresses, dates of birth, driving licences, health data and NI numbers.
Staff are urged to regularly check bank statements and report any unrecognised transactions plus beef-up online security and be suspicious of any contact from people looking to confirm bank details.
GRS is also offering those hit a free 12 months of precautionary credit and identity monitoring services from Experian and to pay to have people’s driving licences replaced.
A spokesperson for GRS said: “We can confirm we were the victim of a cyberattack in March last year when some employee data was copied from our systems and leaked online.
“We have notified those impacted in line with our legal obligations and are liaising with them directly to provide support.
“As soon as we became aware of the issue, we made the decision to shut down our systems and rebuild them in a safe and secure way. We have further strengthened our cyber defences by enhancing existing systems and deploying more advanced threat protection measures.